The profitability of ransomware made it the top cyber threat last year in two categories: the number of attacks and the amount of money generated for crooks, according to a Trend Micro lookback on data collected from customers.

Not only is the ransomware business booming, it’s innovating, with Trend Micro researchers identifying 752 new families last year, up from 29 in 2015.

Add to this the rise of ransomware as a service (RaaS) and payments made to anonymous bitcoin accounts, and the result is a booming criminal enterprise worth $1 billion last year, according to TrendLabs 2016 Security Roundup. Neophyte crooks are being drawn in because it’s so easy to set up a ransomware operation, the report says. “Since RaaS is available in the underground, the service provides fledgling cybercriminals the necessary tools to run their own extortion campaigns,” it says.

Mostly – 79% of the time – ransomware is spread via spam and victims clicking on malicious links or opening attachments that contain the malware, the report says.

Trend Micro researchers found that business email compromise (BEC), which includes whale phishing, proved lucrative to attackers last year. It’s relatively easy to carry out since it requires no special technical skills, and the payday can be in the millions of dollars. For example, the CFO for cable manufacturer Leoni AG was tricked into transferring $44.6 million to a foreign account via a BEC scam.

Typically, these attacks use an email that convinces an employee that an executive wants a large sum of money transferred urgently. The requests are phony and the transfers are made to accounts controlled by the criminals. So the attacker has to know the names of the parties being scammed and be able to compose a convincing request.

Since the email is just text, there is no malware that can be detected, Trend Micro notes.

U.S. companies accounted for 37.55% of the victims discovered by Trend Micro, with the U.K. coming in second at 9.61% and Hong Kong coming in third at 2.85%.

Microsoft has cleaned up its act when it comes to software vulnerabilities, the report says. The company just about halved the recorded vulnerabilities from 175 to 93 over the previous year. Internet Explorer tallied the highest number of reported vulnerabilities among Microsoft software with 33, a decrease of 73% from the year before.

The report credits the company’s new means of distributing patches for the decline in vulnerabilities. “Instead of making individual bulletins for each patch available, Microsoft is pooling all the updates into a single monthly deployment,” the report says. “This streamlined approach is better at providing users with continued security.”

This story, "Trend Micro report: Ransomware booming" was originally published by
Network World.